AMENDMENTS TO THE CLAIMS 

The following listing of claims will replace all prior versions and listings of claims 
in the application. 

Listing Of Claims 
1-19. (Cancelled) 

20. (Currently Amended) In a mob i l e platform an aircraft , a security system 
for monitoring an onboard communication system communicating with a terrestrial- 
based system over an intermittent link, the security system comprising: 

an onboard network accessible to a plurality of users onboard the mobilo 
platform aircraft ; 

an intrusion detection system onboard the mobi lo platform aircraft and connected 
to the onboard network; and 

an onboard security management system responsive to the intrusion detection 
system that initiates an action to stop an intrusion by one of the users onboard the 
mobi le p l atform aircraft based on a set of policies, and such that the action is directed to 
one or more selected user access points; 

said onboard security management system further updates said set of policies 
during the time that the intermittent link has connection; 

a status indicator to indicate a status of the onboard network. 
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21. (Previously Presented) The security system as recited in claim 20, 
wherein initiating the action to stop intrusion comprises sending a warning message to 
the user. 

22. (Previously Presented) The security system as recited in claim 20, 
wherein initiating the action to stop intrusion comprises disconnecting the user's access 
to the onboard network. 

23. (Previously Presented) The security system as recited in claim 20, 
wherein the onboard security management system further operates to provide an alert 
message to the terrestrial-based system when an intrusion event is detected. 

24. (Previously Presented) The security system as recited in claim 20, 
wherein the onboard security management system further operates to install a network 
traffic blocking filter on one of a plurality of user access points of the onboard network. 

25. (Previously Presented) The security system as recited in claim 20, 
wherein the action to stop intrusion is directed to a specific one of a plurality of user 
access points of the onboard network. 

26. (Previously Presented) The security system recited in claim 20, wherein 
said status indicator provides a status of a current operational state of each one of a 
plurality of network user access points of the onboard network. 
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27. {Previously Presented) The security system recited in claim 26, wherein 
the indicator indicates one of: 

a normal operational state; 

a suspect operational state wherein an intrusion event is suspected; and 
a disconnect state in which access by a user of a specific access point on the 
onboard network is prevented. 

28. (Currently Amended) In a- m oteH le- p l atfe f m - an aircraft , a security system 
for monitoring an onboard communication system communicating with a terrestrial- 
based system over an intermittent link, the security system comprising: 

an onboard network accessible to a plurality of users onboard the mobile 
platform aircraft ; 

an intrusion detection system onboard the mobile platform aircraft and connected 
to the onboard network for detecting if a potential intrusion event has occurred by one of 
the plurality of users onboard the mobile platform aircraft ; and 

an onboard security management system responsive to the intrusion detection 
system for initiating an action to address the potential intrusion event, based on a set of 
security policies; 

wherein: 

the action is directed to at least a selected one of a plurality of user access 
points on the onboard network; 
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if an update to the set of policies is necessary, the policies are updated 
during the time that the intermittent link has connection with the terrestriai-based 
system; and 

the onboard security manager maintains an indicator of a current 
operational state of each one of the plurality of network user access points of the 
onboard network, wherein the indicator indicates whether at least one of the following 
conditions is present: 

a normal state of operational for the onboard network; 
a suspect operational state wherein an intrusion event is 
suspected; and 

a disconnect state in which access by a user of a specific 
one of the user access points is being prevented. 

29. (Cancelled) 

30. (Previously Presented) The security system as recited in claim 28, 
wherein the onboard security manager notifies the terrestrial-based system when the 
potential intrusion event is detected. 

31. (Previously Presented) The security system as recited in claim 28, 
wherein the action comprises preventing access to the onboard network from a selected 
one or more of the user access points from the onboard network. 
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32-33. (Cancelled) 



34. (Previously Presented) in a mobile platform, a security system for 
monitoring an onboard communication system communicating with a terrestrial-based 
system over an intermittent link, the security system comprising: 

an onboard network accessible to a plurality of users onboard the mobile 
platform; 

an intrusion detection system onboard the mobile platform for monitoring the 
onboard network for detecting if a potential intrusion event has occurred by one of the 
plurality of users onboard the mobile platform; and 

an onboard security management system responsive to the intrusion detection 
system for initiating an action to address the potential intrusion event, based on a set of 
security policies, the action able to be directed to at least a selected one of a plurality of 
user access points on the onboard network, and the onboard security management 
system receives updates to said security policies from the terrestrial-based system 
while said intermittent link is operational; 

wherein the action includes one of: 

notifying a particular user on the onboard network that a suspected 
intrusion event has occurred; or 

blocking access by the particular user to the onboard network; 

the security system further provides a status indication as to a status of the 
onboard network. 
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35. (Canceled) 



36. {Previously Presented) The security system recited in claim 34, wherein 
the onboard security management system notifies the terrestrial-based system that a 
potential intrusion event has occurred. 

37. {Previously Presented) The security system recited in ciaim 34, where the 
action taken by the onboard security management system further includes installing a 
network traffic blocking filter on said user access point on which a potential intrusion 
event has occurred. 

38. (Previously Presented) A method for monitoring an onboard network on a 
mobile platform, in which the onboard network is in intermittent communication with a 
terrestrial-based system, the method comprising: 

providing a plurality of network access points to users on the mobile platform; 

monitoring the onboard network to detect an intrusion event made by at least one 
of the users on the mobile platform; 

using a security management system onboard the mobile platform, and 
responsive to notification of an intrusion event, to initiate a security action to address the 
intrusion event, in accordance with a set of security policies, where the security action 
can be directed to one or more selected access points on the network; 
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indicating an operational status of the network, and updating the security policies 
while the onboard network is in communication with the terrestrial-based system over 
an intermittent link. 

39. (Canceled) 
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